Upgrade to openssl-1.0.0f Bug: 5822335 Change-Id: Iadf81526a10b072ff323730db0e1897faea7a13f

commit: 7b476c43f6a45574eb34697244b592e7b09f05a3 [log] [tgz]
author: Brian Carlstrom <bdc@google.com> Wed Jan 04 13:22:32 2012 -0800
committer: Brian Carlstrom <bdc@google.com> Wed Jan 04 14:13:49 2012 -0800
tree: d8526a6da6ff7fb5c876ab92414e36322d949820
parent: ce96fb211b9a44bbd7fb5ef7ed0e6c1244045c2e [diff] [blame]
diff --git a/ssl/ssl3.h b/ssl/ssl3.h
index f9268c5..d6425e5 100644
--- a/ssl/ssl3.h
+++ b/ssl/ssl3.h

@@ -389,6 +389,17 @@
 #define SSL3_FLAGS_POP_BUFFER			0x0004
 #define TLS1_FLAGS_TLS_PADDING_BUG		0x0008
 #define TLS1_FLAGS_SKIP_CERT_VERIFY		0x0010
+ 
+/* SSL3_FLAGS_SGC_RESTART_DONE is set when we
+ * restart a handshake because of MS SGC and so prevents us
+ * from restarting the handshake in a loop. It's reset on a
+ * renegotiation, so effectively limits the client to one restart
+ * per negotiation. This limits the possibility of a DDoS
+ * attack where the client handshakes in a loop using SGC to
+ * restart. Servers which permit renegotiation can still be
+ * effected, but we can't prevent that.
+ */
+#define SSL3_FLAGS_SGC_RESTART_DONE		0x0040
 
 typedef struct ssl3_state_st
 	{
commit	7b476c43f6a45574eb34697244b592e7b09f05a3	[log] [tgz]
author	Brian Carlstrom <bdc@google.com>	Wed Jan 04 13:22:32 2012 -0800
committer	Brian Carlstrom <bdc@google.com>	Wed Jan 04 14:13:49 2012 -0800
tree	d8526a6da6ff7fb5c876ab92414e36322d949820
parent	ce96fb211b9a44bbd7fb5ef7ed0e6c1244045c2e [diff] [blame]